This is a new milestone release! It's been in the works for a good number of months, and has many hundreds of notable changes, fixes, and improvements that can't possibly all be listed here.

These release notes for this version are a concise summary, lifting out the most prominent and important changes. You may find slightly more detailed release notes on the forum.

General release notes:

Pale Moon is now building on the new Goanna engine instead of Gecko. Although close relatives in terms of web technology, they are not the same under the hood and any reports of bugs with the layout/rendering engine should be as detailed as possible to allow us to pinpoint the cause of the bugs and fix them (just stating "it works in Firefox" really doesn't help us!). If you wish to report issues, please either use the issue tracker on GitHub or report a detailed description and steps to reproduce on the forum.

We've had to reduce the number of supported languages for our language packs. With the need to move to our own full localization and lacking translators to support and maintain less common languages in use around the world, we've reduced our number of offered languages to a little over 30. The languages still supported should more than cover the common languages spoken around the globe. You will need to update your language packs!

Although we've given this release extensive testing, it is still possible you run into some website compatibility issues (usually because of websites doing useragent sniffing) and e.g. some sites displaying a mobile version if they do not recognize or incorrectly recognize the new browser engine. Please always try contacting the webmasters first before posting support requests at our address, since this is usually not something we can provide solutions for, ourselves, and we end up having to redirect you anyway.

Fixes/changes:

The layout parser/renderer has received many updates with this change over to Goanna, improving web compatibility and standards compliance in many areas.

The browser user interface has received updates, making it more compatible with Windows 10 in many respects and more in line with the general styles of the operating system version it is run on in terms of the shapes of controls and color setting.

Added CSS media queries to determine the OS the browser is running on, allowing theme designers to make specific changes based on OS at run-time.

Added a control preference for onunload= events as dom.disable_beforeunload. This allows you to completely disable events fired when leaving a page.

Changed the memory allocator to the (faster) system allocator on modern operating systems.

Improved the handling of very large numbers of tabs.

Added Ecosia as a "green" search engine alternative for the environmentally aware surfer.

Autoplay of media now has a separate control preference for scripted content as media.autoplay.allowscripted, to block script-initiated autoplay of media.

Security updates:

Added support for 128-bit Camellia-GCM ciphers in addition to the existing CBC ciphers to offer a more internationally diverse choice of secure encryption ciphers than just AES.

Added an advanced, active XSS (cross-site scripting) filter. Pale Moon will now check for XSS attacks and block XSS content in the resulting pages. This is brand-new technology and feedback on this filter specifically (e.g. bugs, false positives, etc.) should be posted in the dedicated thread on the forum for this feature. Please also see that thread for details on how to use and control this filter.

Distrusted several root certificates in accordance with security best practice.

Aligned cookie acceptance with RFC 6265 §4.1.1. We still make an exception for allowing spaces and double quotes in cookie values, but this will be made more strict in the future for full spec compliance. If you are a web designer and use cookies, please verify that you are RFC compliant in terms of both cookie names and cookie values, or the browser may reject them.

Removed several hazardous modules like the maintenance service and the identity module.

Ported all security updates from Mozilla that are applicable/relevant to our code base (up to and including all security issues made known to us until now). Considering v26 has been kept updated over its long development until release, the list of fixes/CVEs would be too exhaustive to list in these release notes individually.